[Koha-bugs] [Bug 4517] New: serials routing list member reordering can be done without staff authentication

bugzilla-daemon at kohaorg.ec2.liblime.com
Mon May 17 14:51:03 CEST 2010


http://bugs.koha.org/cgi-bin/bugzilla3/show_bug.cgi?id=4517

           Summary: serials routing list member reordering can be done
                    without staff authentication
           Product: Koha
           Version: HEAD
          Platform: All
               URL: serials/reorder_members.pl
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Serials
        AssignedTo: colin.campbell at ptfs-europe.com
        ReportedBy: gmcharlt at gmail.com
   Estimated Hours: 0.0
 Change sponsored?: ---


serials/reorder_members.pl does not do an authentication check, thus allowing
somebody to construct a URL to manipulate the order of members in a serials
routing list without authorization.


-- 
Configure bugmail: http://bugs.koha.org/cgi-bin/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
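The report describes one script that skips the authentication check. The audit below looks for other scripts with the same gap; it is an added example, not part of the bug report or of Koha's code. It assumes the listed function names are the C4::Auth entry points that enforce a login, and the two Perl sources are constructed stand-ins.

```python
import re
import sys
from pathlib import Path

# Assumption: C4::Auth entry points that enforce a login/permission check.
AUTH_CALLS = ("get_template_and_user", "checkauth", "check_api_auth", "check_cookie_auth")
CALL_RE = re.compile(r"\b(?:" + "|".join(AUTH_CALLS) + r")\s*\(")

def strip_noncode(src):
    """Drop POD blocks and # comments so a commented-out check does not count."""
    kept, in_pod = [], False
    for line in src.splitlines():
        if re.match(r"=[A-Za-z]", line):          # POD directive (=head1 ... =cut)
            in_pod = not line.startswith("=cut")
            continue
        if not in_pod:
            kept.append(re.sub(r"(^|\s)#.*$", "", line))
    return "\n".join(kept)

def missing_auth(scripts):
    """Given {path: perl_source}, return the paths that never call an auth entry point."""
    return sorted(p for p, src in scripts.items()
                  if not CALL_RE.search(strip_noncode(src)))

# Constructed stand-ins for illustration; these are not Koha's actual sources.
SAMPLES = {
    "serials/reorder_members.pl": """#!/usr/bin/perl
use CGI;
# checkauth( $query, 0, { serials => 1 }, 'intranet' );  (commented out)
my $query = CGI->new;
my $rank  = $query->param('rank');   # state change follows, no session check
""",
    "serials/guarded_example.pl": """#!/usr/bin/perl
use CGI;
use C4::Auth;
my $query = CGI->new;
my ( $template, $user, $cookie ) = get_template_and_user(
    { query => $query, type => 'intranet', flagsrequired => { serials => 1 } } );
""",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:   # audit a real checkout: python audit.py /path/to/koha
        root = Path(sys.argv[1])
        found = {str(p.relative_to(root)): p.read_text(errors="replace")
                 for p in root.rglob("*.pl")}
    else:
        found = SAMPLES
    for path in missing_auth(found):
        print("no auth call:", path)
```

Treat the output as a review queue rather than a verdict: a flagged script may be protected some other way, and a script that does call an auth function may still request the wrong permission.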


